In order to make the security of an electronic computer system reliable, a mechanism is needed which does not permit an unauthorized person to physically access a specific portion of the computer system. Particularly, such a mechanism is needed to prohibit any unauthorized person from making a copy of the contents contained in a certain location of the system or from altering codes contained therein. To this end, a confidential portion of the system is confined within a module to preserve the confidentiality of the system. In case there is an attempt to tamper with the module to decode the confidential data stored therein, e.g. when an attempt is made to bore a hole in the module, it is conventional to defend against the attempt by erasing the confidential data in response to the boring.
A tamper resistant module, as mentioned above is disclosed in "Physical Security for the .mu. ABYSS System" by Steve H. Weingart of IBM Thomas J. Watson Research Center, Proceedings, 1987 IEEE Symposium on Security and Privacy, Oakland, Calif. Apr. 27-29, 1987, p.p. 55-58. In the known module, a thin wire such as a nichrome wire is wound about the module which holds the confidential data therein. In case that the wire is cut, short-circuited, or the connection of the wire is changed, such tampering with the module is detected from the change in resistance of the wire, in response to which the confidential data is erased.
However, winding of the wire on the module is not suitable for mass production. Further, the resistance of the wire changes due to aging, or in accordance with a change in temperature, or due to other ambient changes. Thus, notwithstanding the fact that an attempt to tamper is not occurring, the confidential data can be erroneously erased. Furthermore, despite the fact that an attempt to tamper is occurring, such an attempt may not be detected with the result that the module fails to erase the confidential data contained in the module.